Keyless Car Relay Attacks Enable Vehicle Theft in Under a Minute, 85% of Models Unprotected
What Happened – Thieves use inexpensive radio‑amplifier kits to relay the signal from a keyless fob to a vehicle, unlocking and starting it in under 30 seconds. Tests by Germany’s ADAC show only ~15 % of more than 800 examined models resist the attack; the remaining 85 % can be stolen without breaking glass or triggering alarms.
Why It Matters for TPRM –
- Physical loss of assets directly impacts insurers, fleet operators, and OEM supply chains.
- The vulnerability spans global OEMs, exposing third‑party logistics and after‑market service providers to increased theft risk.
- Mitigation often requires firmware updates or aftermarket hardware, creating a patch‑management challenge for vehicle‑fleet managers.
Who Is Affected – Automotive manufacturers, fleet operators, rental car companies, insurance carriers, aftermarket parts distributors, and any organization that relies on keyless entry vehicles.
Recommended Actions –
- Verify that OEMs have released firmware or hardware mitigations for relay attacks.
- Require vendors to implement signal‑blocking pouches or Faraday cages for stored fobs.
- Update fleet security policies to include OBD‑II port lockdown and regular key‑fob inventory checks.
Technical Notes – Relay attacks exploit the continuous low‑power broadcast of keyless fobs; attackers amplify and forward the signal to the vehicle’s receiver. No known CVE, but the flaw is inherent to the design of many RF‑based proximity systems. Some thieves also compromise vehicles via the OBD‑II diagnostic port, bypassing the wireless link entirely. Source: Help Net Security